So, is anybody else following the whole Fortinet and Zango fight? This is one of the most amusing "responsible disclosure" debates I have ever seen. For those who haven't seen it, let me introduce the combatants:
In the red corner, fighting out of California, there's Fortinet - an internet security company who generally do a decent job of making products that help. They've got their issues, but so do most companies.
In the blue corner, from Washington, there's Zango. They make spyware. That's right. You heard me. They make spyware.
So the fight started when Fortinet put out this advisory claiming that Zango was using a Facebook widget to install their spyware. (Remember - they make spyware.)
So, Zango gets all up in their face. They're delighting in calling Fortinet "opportunistic". They roll their PR team into action, even to the point of getting this Wired News article. From the article:
"Zango's associate corporate counsel Kevin Osborne called the report 'reprehensible' in a phone interview Friday, saying Fortinet had just piled together the hot buzzwords 'Facebook,' 'Widgets' and 'Spyware' to make a splash."
Well, it turns out that Zango has now "proved" that Fortinet was wrong.
Okay, so let's recap this. Fortinet makes a mistake calling b.s. on a known spyware vendor, and we're supposed to be feeling sympathetic for Zango? Who's the opportunistic one here?!?!
If I were Fortinet, I'd probably send the following (open) letter to Zango's CEO:
Dear Kevin Smith,
We're really sorry that we made a mistake on our advisory (if we actually did). However, if you weren't such a pathetic company that makes a plague that infects the world's computers without providing any real value, we probably wouldn't have been so worried about it.
Clean up your act, and we'll promise not to screw up ever again.
Fortinet (on behalf of the security community at large).
Okay, rant over. This one just activated my "that's dumb" circuitry.